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Amendments to the Claims 



13. (Previously Presented) A communication system, comprising: 
a communication network, including a plurality of nodes; 
a server connected to a first one of the nodes; 
a client processor; 

a storage medium within the client processor to store a security system for 
connecting the cHent processor to the communication network for communication with 
the server, wherein the security system includes a transmission control protocol to control 
communication between the client processor and the communication network; 

a security classifier to couple the transmission control protocol to the 
communication network, the security classifier to determine a security classification for 
the client processor; 

a security association negotiator responsive to the client processor opening a 
socket at a node of the communication network, to correlate the socket with a security 
association based on the determined security classification; and 

a network interceptor to couple the client processor with the transmission control 
protocol, wherein the network interceptor responds to the socket being closed by 
determining whether any other socket is correlated with the security association, and if it 
is determined that no other socket is correlated with the security association, deleting the 
security association. 

14. (Cancelled) 

15. (Cancelled) 

16. (Previously Presented) An article, comprising a storage medium having 
instructions stored thereon, the instructions when executed, provide for controlling a 
security association of a network communication between a local application having a 
socket and a remote application by monitoring a completion status of the communication; 
upon completion of the communication, closing the socket; and in response to the closing 
of the socket, determining whether any other socket is correlated with the security 
association, and if it is determined that no other socket is correlated with the security 
association, deleting the security association. 

17. (Cancelled) 

18. (Cancelled) 

19. (Previously Presented) An article as claimed in claim 16, wherein the local 
application operates through a driver, and the correlation of the security association with 
the socket includes notifying the driver that the security association is no longer needed, 
to cause the driver to terminate the correlation. 
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20. (Original) The communication system of claim 13, wherein the network 
interceptor monitors all sockets protected by the security association. 

21. (Original) The communication system of claim 13, wherein the network 
interceptor monitors when the socket is closed. 

22. (Currently Amended) A communication method comprising: 

monitoring a completion status of a network communication between a local 
application and a remote application, wherein the local application utilizes a socket 
correlated with a security association ; 

upon completion of the network communication, closing the socket; and 
in response to the closing of the socket, determining whether any other socket is 
correlated with the security association, and if it is determined that no other socket is 
correlated with the security association, deleting the security association. 

23. (Original) The communication method of claim 22, wherein the local 
application operates through a driver, and terminating the correlation of the security 
association with the socket includes notifying the driver that the security association is no 
longer needed to cause the driver to terminate the correlation. 

24. (Previously Presented) A communication method comprising: 

creating a socket for a local application to enable the local application to 
communicate with a remote application on a communication network; 
correlating the socket with a security association; 

performing the communication through the socket and the communication 
network; 

upon completion of the communication, closing the socket; and 
in response to the closing of the socket, determining whether any other socket is 
correlated with the security association, and if it is determined that no other socket is 
correlated with the security association, deleting the security association. 

25. (Original) The communication method of claim 24, wherein correlating the 
socket with the security association comprises: 

determining whether there is an active security association that would cover 
traffic for the socket; 

if it is determined that there is an active security association that would cover 
traffic for the socket, then correlating the socket with the active security association; 

if it is determined that there is not an active security association that would cover 
traffic for the socket, then: 

determining a new security association for traffic for the socket; 
giving the new security association to a network security driver; 
receiving a handle for the new security association fi-om the network 
security driver; and 

correlating the socket with the new security association of the handle. 
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26. (Original) The communication method of claim 24, wherein the local 
application operates through a driver, and terminating the correlation of the security 
association with the socket includes notifying the driver that the security association is no 
longer needed to cause the driver to terminate the correlation. 

27. (Previously Presented) A security system comprising: 

a transmission control protocol for controlling communication between a client 
application and a communication network; 

a security classifier for coupling the transmission control protocol to the 
communication network, the security classifier to determine a security classification for 
the client application; 

a security association negotiator responsive to the client application opening a 
socket at a node of the communication network, to correlate the socket with a security 
association based on the determined security classification; and 

a network interceptor coupling the client application with the transmission control 
protocol, and responsive to the socket being closed by determining whether any other 
socket is correlated with the security association, and if it is determined that no other 
socket is correlated with the security association, to delete the security association. 

28. (Original) The security system of claim 27, wherein the network interceptor 
monitors when the client application closes the socket. 



